Lock@* Security Vulnerabilities and Issues — Lock@* CVE List

Lucene search

Auth0Lock*

2 matches found

CVE•added 2020/02/03 6:15 p.m.•69 views

CVE-2019-20174

Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.

6.1CVSS5.9AI score0.0046EPSS

CVE•added 2020/08/20 1:17 a.m.•66 views

CVE-2020-15119

In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.

6.4CVSS5.3AI score0.00282EPSS